Bug 945855: Remove the security.first_network_revocation_method pref, r=briansmith

--HG-- extra : rebase_source : e416ba1e78f95234d403c078ad81b5fddcce947a extra : amend_source : 7adbe291df748b5a6d1f1122573e862bdc5f5f11
2024-09-13 09:24:08 -07:00 · 2013-12-06 00:55:17 -08:00 · 2013-12-06 00:55:17 -08:00 · 8cc419fcda
commit 8cc419fcda
parent 9358ea030d
3 changed files with 1 additions and 15 deletions
--- a/security/manager/ssl/src/CertVerifier.cpp
+++ b/security/manager/ssl/src/CertVerifier.cpp
@ -25,15 +25,12 @@ CertVerifier::CertVerifier(missing_cert_download_config mcdc,
                           ocsp_download_config odc,
                           ocsp_strict_config osc,
                           any_revo_fresh_config arfc,
-                           const char *firstNetworkRevocationMethod,
                           ocsp_get_config ogc)
  : mMissingCertDownloadEnabled(mcdc == missing_cert_download_on)
  , mCRLDownloadEnabled(cdc == crl_download_allowed)
  , mOCSPDownloadEnabled(odc == ocsp_on)
  , mOCSPStrict(osc == ocsp_strict)
  , mRequireRevocationInfo(arfc == any_revo_strict)
-  , mCRLFirst(firstNetworkRevocationMethod != nullptr &&
-              !strcmp("crl", firstNetworkRevocationMethod))
  , mOCSPGETEnabled(ogc == ocsp_get_enabled)
 {
  MOZ_COUNT_CTOR(CertVerifier);
@ -361,8 +358,7 @@ CertVerifier::VerifyCert(CERTCertificate * cert,
    ;

  rev.leafTests.preferred_methods[0] =
-  rev.chainTests.preferred_methods[0] =
-    mCRLFirst ? cert_revocation_method_crl : cert_revocation_method_ocsp;
+  rev.chainTests.preferred_methods[0] = cert_revocation_method_ocsp;

  rev.leafTests.cert_rev_method_independent_flags =
  rev.chainTests.cert_rev_method_independent_flags =
--- a/security/manager/ssl/src/CertVerifier.h
+++ b/security/manager/ssl/src/CertVerifier.h
@ -47,7 +47,6 @@ private:
  CertVerifier(missing_cert_download_config ac, crl_download_config cdc,
               ocsp_download_config odc, ocsp_strict_config osc,
               any_revo_fresh_config arfc,
-               const char *firstNetworkRevocationMethod,
               ocsp_get_config ogc);
  ~CertVerifier();

@ -56,7 +55,6 @@ private:
  const bool mOCSPDownloadEnabled;
  const bool mOCSPStrict;
  const bool mRequireRevocationInfo;
-  const bool mCRLFirst;
  const bool mOCSPGETEnabled;
  friend class ::nsNSSComponent;
 };
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@ -1010,12 +1010,6 @@ void nsNSSComponent::setValidationOptions()
  bool aiaDownloadEnabled = Preferences::GetBool("security.missing_cert_download.enabled",
                                                 false);

-  nsCString firstNetworkRevo =
-    Preferences::GetCString("security.first_network_revocation_method");
-  if (firstNetworkRevo.IsEmpty()) {
-    firstNetworkRevo = "ocsp";
-  }
-
  bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling",
                                                  true);
  if (!ocspEnabled) {
@ -1051,7 +1045,6 @@ void nsNSSComponent::setValidationOptions()
        CertVerifier::ocsp_strict : CertVerifier::ocsp_relaxed,
      anyFreshRequired ?
        CertVerifier::any_revo_strict : CertVerifier::any_revo_relaxed,
-      firstNetworkRevo.get(),
      ocspGetEnabled ?
        CertVerifier::ocsp_get_enabled : CertVerifier::ocsp_get_disabled);

@ -1674,7 +1667,6 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
               || prefName.Equals("security.CRL_download.enabled")
               || prefName.Equals("security.fresh_revocation_info.require")
               || prefName.Equals("security.missing_cert_download.enabled")
-               || prefName.Equals("security.first_network_revocation_method")
               || prefName.Equals("security.OCSP.require")
               || prefName.Equals("security.OCSP.GET.enabled")
               || prefName.Equals("security.ssl.enable_ocsp_stapling")) {